Report Permessi Share e Appartenenza Gruppi

Salvare il codice in un file di testo con nome ReportPermessiShareAppartenenzaGruppi.ps1
Eseguire Powershell con diritti di amministrazione sulla share
cd [path cartella contenente ReportPermessiShareAppartenenzaGruppi.ps1]

# Powershell.exe -executionpolicy bypass .\ReportPermessiShareAppartenenzaGruppi.ps1

Codice:

Get-Item \\DFS\share\department | select -ExpandProperty FullName | % {write "Folder: $_ `n"; get-acl $_ | select -property AccessToString | FL ; $($(get-acl $_ | select -ExpandProperty Access | where IdentityReference -Match "Domain01*|Domain02*" | select -ExpandProperty IdentityReference) -replace "^(.*?\\)(.+)" , '$2') | % {Get-ADGroup -Filter {( name -like $_) -and (ObjectClass -eq "group") -and ( name -notlike "Domain Admins") -and ( name -notlike "Administrators") } -server "domainController.domain.ext" -searchbase "DC=Domain01,DC=domain,DC=ext" -Properties * | % { write "`nGroup" $_.CN "`nMember" ; Get-ADGroupMember $_ | select -ExpandProperty SamAccountName }} ; write "`n`n`n --------------------------------------------------------------------------------------------------------------------------------------------- `n`n`n"} | Out-File -FilePath $(".\Output"+$(Get-Date -UFormat %Y-%m-%d_%H.%M.%S)+".txt") -Encoding "UTF8" -Append -Force

Get-ChildItem \\DFS\share\department | select -ExpandProperty FullName | % {write "Folder: $_ `n"; get-acl $_ | select -property AccessToString | FL ; $($(get-acl $_ | select -ExpandProperty Access | where IdentityReference -Match "Domain01*|Domain02*" | select -ExpandProperty IdentityReference) -replace "^(.*?\\)(.+)" , '$2') | % {Get-ADGroup -Filter {( name -like $_) -and (ObjectClass -eq "group") -and ( name -notlike "Domain Admins") -and ( name -notlike "Administrators") } -server "domainController.domain.ext" -searchbase "DC=Domain01,DC=domain,DC=ext" -Properties * | % { write "`nGroup" $_.CN "`nMember" ; Get-ADGroupMember $_ | select -ExpandProperty SamAccountName}} ; write "`n`n`n --------------------------------------------------------------------------------------------------------------------------------------------- `n`n`n"} | Out-File -FilePath $(".\Output"+$(Get-Date -UFormat %Y-%m-%d_%H.%M.%S)+".txt") -Encoding "UTF8" -Append -Force

# shere folder access group departmentGroup read and execute this folder only on shere folder departement

Get-ADGroup -Filter {name -like "departmentGroup"} -server "domainController.domain.ext" -searchbase "DC=Domain01,DC=domain,DC=ext" -Properties * | % { write "`nGroup" $_.CN "`nMember" ; Get-ADGroupMember $_ | select -ExpandProperty SamAccountName} | % {Get-ADGroup -Filter {( name -like $_) -and (ObjectClass -eq "group") -and ( name -notlike "Domain Admins") -and ( name -notlike "Administrators") } -server "domainController.domain.ext" -searchbase "DC=Domain01,DC=domain,DC=ext" -Properties * | % { write "`nGroup" $_.CN "`nMember" ; Get-ADGroupMember $_ | select -ExpandProperty SamAccountName} ; write "`n --------------------------------------------------------------------------------------------------------------------------------------------- `n"} | Out-File -FilePath $(".\Output"+$(Get-Date -UFormat %Y-%m-%d_%H.%M.%S)+".txt") -Encoding "UTF8" -Append -Force